Hello Jinkun,
I agree with everything Doug said, including his final remark that if
one is looking for a protocol explicitly designed for diskless
operation, then Raft might not be the best choice.
However, I also want to highlight what Doug already said:
> The original question was whether one can have a valid implementation
> of Raft that does not rely on persistent storage, so I think the
> answer is "yes!"
And that's easy to do, without any real modification of the protocol, as
Doug himself noted.
Raft (like any other protocol) already requires a unique and stable
identity for each node. That identity must be included in each message
being sent, so the node receiving the message knows what node has sent
it.
The identity must be "stable" in the sense that if a node reboots, then
it must maintain the same identity it had before.
Each implementation is free to choose how to implement such node
identity: it can be the machine IP, the hostname, a UUID, or
anything. The only requirement is that the identity is unique and stable
across reboots.
The critical point to keep in mind when implementing a diskless Raft is
this:
Nodes never actually reboot. After they crash, they always restart as
brand new nodes with a brand new identity. So they are effectively a new
node.
For example, the identity could be implemented with a UUID which is
generated when the node process starts, and is different every time.
When a node starts again after a crash, it is not the same node anymore,
it is always a brand new node with a new identity which is not yet part
of the configuration. The node that has crashed effectively does not
exist anymore, from the point of view of the protocol. That means that
this newly started or restarted node can't vote and can't become a
leader: since it's not part of the configuration, other nodes will not
vote for it and will not count its vote. Likewise, this new node does
not count for commitment quorum, since other nodes won't consider it
when deciding if a log entry is committed or not.
So when a node starts again after a crash, a configuration change will
be needed in order to include it in the configuration. That is a normal
configuration change, already described in the Raft protocol, nothing
special.
This is the way Raft can be made diskless, maintaining safety and
correctness.
Hope that helps,
Free
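
The membership rule described in the message above, as an added example that is not part of the original email or of any Raft implementation: a small Python model in which a restarted node gets a fresh UUID and is ignored for votes and commitment until a configuration change admits it. The names DisklessNode and Configuration are hypothetical, and retiring the crashed identity in the same change is an assumption of this sketch.

```python
import uuid

class DisklessNode:
    """In-memory Raft node model: identity and log vanish on crash."""
    def __init__(self):
        self.node_id = uuid.uuid4().hex  # fresh identity on every process start
        self.log = []                    # volatile; never reloaded from disk

class Configuration:
    """Cluster membership as tracked by the current members."""
    def __init__(self, member_ids):
        self.members = set(member_ids)

    def has_quorum(self, ids):
        # Identities outside the configuration are ignored, not counted.
        return len(self.members & set(ids)) > len(self.members) // 2

    def election_won(self, candidate_id, votes_from):
        # Members do not vote for a candidate that is not in the configuration.
        return candidate_id in self.members and self.has_quorum(votes_from)

    def is_committed(self, acked_by):
        return self.has_quorum(acked_by)

    def change(self, add_id, remove_id, acked_by):
        # Stand-in for a normal Raft configuration change: the change entry
        # must be committed by the current members before it takes effect.
        if not self.is_committed(acked_by):
            raise RuntimeError("configuration change not committed")
        self.members.discard(remove_id)  # assumption: retire the dead identity
        self.members.add(add_id)

def demo():
    a, b, c = DisklessNode(), DisklessNode(), DisklessNode()
    cfg = Configuration([a.node_id, b.node_id, c.node_id])
    dead_id = c.node_id
    c = DisklessNode()  # crash and restart: same machine, brand new node
    out = {"new_identity": c.node_id != dead_id,
           "member_after_restart": c.node_id in cfg.members,
           # a plus restarted c is 1 counted ack out of 3: no quorum
           "commit_with_a_and_c": cfg.is_committed([a.node_id, c.node_id]),
           "c_wins_election": cfg.election_won(c.node_id, [a.node_id, b.node_id, c.node_id])}
    cfg.change(add_id=c.node_id, remove_id=dead_id, acked_by=[a.node_id, b.node_id])
    out["commit_after_change"] = cfg.is_committed([a.node_id, c.node_id])
    out["dead_id_counts"] = cfg.is_committed([a.node_id, dead_id])
    return out

if __name__ == "__main__":
    print(demo())
```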